Hi Expert I would like some tips to conduct a network assessment on a network were the speed of the network get slow during lunch time. is there any free application I would be able to use as I need to fine out if user may be listen to music or watching movie on the network causing a bottleneck
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Help with network assessment of network which slow down at lunch
- Thread starter loveroots
- Start date
![[americanflag]](/data/assets/smilies/americanflag.gif "[americanflag] [americanflag]")
Go Army!
silverhairb
IS-IT--Management
The boss is streaming HD video over lunch. (LOL)
[the other] Bill
[the other] Bill
- Thread starter
- #5
Hi Expert I really need some tips as I am travelling to make the assessment and would like to have some info before I go I have enable NBAR but i do not see any streaming protocol, its not working for what I want. if I could see IP of the lan user it would ne fine then I could make recommendation, but we can not bring in a company not until we have proof
- Thread starter
- #7
wolverene13
ISP
Try Ethereal - it will tell you a packet's source, destination, and protocol type, among other things.
Use Wireshark (aka Ethereal) its free... I have seen this type of slow down that doesn't show going out the internet when there is a backup going on during lunch hours.
------------------------------------
Dallas, Texas
Telecommunications Tech
CCVP, CCNA, Net+
CCNP in the works
------------------------------------
Dallas, Texas
Telecommunications Tech
CCVP, CCNA, Net+
CCNP in the works
Oh ya... for the wireshark set up;
On the core switch you will want to take one port and set it to SPAN the VLAN's. Plug the laptop into that port and turn on wireshark and let it capture. Let it go for a lil bit ( with it monitoring all the VLAN's it will fill up pretty quick ) and then just go back and start to sort through the data to see where most of the congrestion is coming from.
------------------------------------
Dallas, Texas
Telecommunications Tech
CCVP, CCNA, Net+
CCNP in the works
On the core switch you will want to take one port and set it to SPAN the VLAN's. Plug the laptop into that port and turn on wireshark and let it capture. Let it go for a lil bit ( with it monitoring all the VLAN's it will fill up pretty quick ) and then just go back and start to sort through the data to see where most of the congrestion is coming from.
------------------------------------
Dallas, Texas
Telecommunications Tech
CCVP, CCNA, Net+
CCNP in the works
tjbradford
Technical User
can we gather some basic info first before we packettrace to death.
number of devices ?
number of subnets ?
any proxy servers ?
Size of internet pipe ?
switch speeds ?
8 users could kill an adsl at lunch time and you don't need a packet tracer to calculate that one !
the trace you need has to be right depending on the size of the infrastructure.
number of devices ?
number of subnets ?
any proxy servers ?
Size of internet pipe ?
switch speeds ?
8 users could kill an adsl at lunch time and you don't need a packet tracer to calculate that one !
the trace you need has to be right depending on the size of the infrastructure.
StaplesMan
Technical User
This is what I use:
A couple easy commands on a cisco device and your recording.
Gives two interfaces free.
CCNA, A+, HP Certified Professional
A couple easy commands on a cisco device and your recording.
Gives two interfaces free.
CCNA, A+, HP Certified Professional
- Thread starter
- #13
Hi expert here are the answer to your questions
can we gather some basic info first before we packettrace to death.
number of devices ? One cieco 3600 series router, 4 cisco 3560 switch
number of subnets ? one subnet
any proxy servers ? no proxy server open internet access
Size of internet pipe ? 6megs internet
switch speeds ? 100 mbps
8 users could kill an adsl at lunch time and you don't need a packet tracer to calculate that one ! 85 users in total
can we gather some basic info first before we packettrace to death.
number of devices ? One cieco 3600 series router, 4 cisco 3560 switch
number of subnets ? one subnet
any proxy servers ? no proxy server open internet access
Size of internet pipe ? 6megs internet
switch speeds ? 100 mbps
8 users could kill an adsl at lunch time and you don't need a packet tracer to calculate that one ! 85 users in total
tjbradford
Technical User
yeah netflow with a demo of solorwinds or scrutinizer (spelt wrong i think) they do a vm version which is free and will give very good results, I'm guessing the internal lan is started to creak under the strain not just the 6Mb link.
in which case maybe worth checking DNS Server if you have one internally.
If it was me i would see how well connected I was between me and another client and me and the server/s early am and at lunchtime.
just popped into my head, you haven't Got your AV or system Patching running at lunchtimes have you? / all machine trying to obtain updates from microsoft or something?
in which case maybe worth checking DNS Server if you have one internally.
If it was me i would see how well connected I was between me and another client and me and the server/s early am and at lunchtime.
just popped into my head, you haven't Got your AV or system Patching running at lunchtimes have you? / all machine trying to obtain updates from microsoft or something?
- Thread starter
- #16
if you have a 6 meg pipe and a switch that is set for 100mb, that will cause issues. you should do some traffic shaping to only allow 6mb of traffic. where is the other 94mb (not that its getting that high) going? are they being buffered? dropped? i am not sure what wireshark or ethereal will tell you. sounds like you want stats on pipe utilization, we know packets are going across. check out traffic shaping on your perimeter device (port)
I know this is a cisco forum but if you have a linux box you can setup NTOP and mirror your outbound/inbound interface and it will tell you all the traffic coming/going in your network. Took me literally 5 minute to setup and its web based.
Can reset the stats right before lunch and then watch what happens to the traffic. This is what it looks like (I havent reset the stats in a long time):
Can reset the stats right before lunch and then watch what happens to the traffic. This is what it looks like (I havent reset the stats in a long time):
tjbradford
Technical User
I guess aside from this but it would also help if you had a Proxy / cache server. it would reduce the load on the 6Mb pipe but also give a central point to look at stats most visited pages , downloads etc. you can of course do this per user to workout who is doing what, it of course adds to security aswell for blocking sites eg. facebook, virus.com or alike from one central point for all or selected users, I know this is a bit off the beaten path at the moment but it's in the horizon. of a good idea i feel.
I think you need to figure out if this slow down of the 'network' is internet or LAN based. If it is internet based, then use NBAR and monitor the router. If it is LAN based, meaning that if you are having problems copying a file from your machine to a file server on the network and it is taking a long time to do so, you are probably looking at some sort of issue on your LAN. Which at that point you would want to set up a SPAN port on your core switch for VLAN1 and then monitor it with wireshark to see what is the heaviest amount of traffic going through the network. Not all congestion is based around the internet pipe going out.
------------------------------------
Dallas, Texas
Telecommunications Tech
CCVP, CCNA, Net+
CCNP in the works
------------------------------------
Dallas, Texas
Telecommunications Tech
CCVP, CCNA, Net+
CCNP in the works
- Status
